Please note that this is a very old post and probably contains out-of-date information.

Testing SSL pages (login pages etc) in development mode doesn't seem to be supported out of the box with Rails. Turns out that webrick includes an SSL server and it isn't too hard to set. You need this script (mentioned here). I changed the :ip setting and then saved it in my project as script/ssl_server. The trick is to run both the script/server and the script/ssl_server scripts at the same time. The problem is that you'll be using non-standard ports so the ssl_requirement plugin will fail to provide the correct redirects (it assumes ports 80 and 443). There's a ticket and patch about this but it doesn't look like it's going to be applied anytime soon. Let's just patch the code ourselves, replacing ssl_requirement's ensure_proper_protocol method.

def ensure_proper_protocol
  return true if ssl_allowed?

  if ssl_required? && !request.ssl?
    redirect_to "https://" + + (RAILS_ENV == 'development' ? ':3001' : '') + request.request_uri
    return false
  elsif request.ssl? && !ssl_required?
    redirect_to "http://" + + (RAILS_ENV == 'development' ? ':3000' : '') + request.request_uri
    return false

So I ran into another problem with my SSL pages, this time in production. If you use the assets host feature, you'll find your SSL protected pages reference assets with normal unsecured http URLs. This will cause a lot of security warning dialogs for IE users so you have to deal with it. You need all referenced media to be server over SSL. Luckily, you can supply a Proc to generate asset URLs and this Proc receives the current 'request' object which we can interrogate. Turns out that this is such a common situation, the example in the rails docs gives the solution. Let's get our four hostname pipelining back too:

ActionController::Base.asset_host = { |source, request|
  if request.ssl?
    "#{request.protocol}asset#{(source.hash % 4)}"